Google SketchUp Multiple Vulnerabilities (Windows) Network Vulnerability

Summary

This host is installed with Google SketchUp and is prone to to multiple vulnerabilities.

Impact

Successful exploitation will allow attacker to execute arbitrary code and can cause Denial of Service. Impact Level: Application

Solution

Upgrade to Google SketchUp version 7.1 M2. For updates refer to http://sketchup.google.com/download/index2.html

Insight

The flaws exists due to: - An array indexing error when processing '3DS' files which can be exploited to corrupt memory. - An integer overflow error when processing 'SKP' files which can be exploited to corrupt heap memory.

Affected

Google SketchUp version 7.0 before 7.1 M2(7.1.6860.0)

References

http://secunia.com/advisories/38185
http://secunia.com/advisories/38187/3/
http://www.coresecurity.com/content/google-sketchup-vulnerability
http://www.vupen.com/english/advisories/2010/0133

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0280, CVE-2010-0316

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Mac OX S)
Adobe AIR Multiple Vulnerabilities -01 April 13 (Windows)
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Windows)
Adobe Air Multiple Vulnerabilities June-2012 (Mac OS X)
Adobe Acrobat and Reader Multiple Vulnerabilities -Oct10 (Windows)

Take action and discover your vulnerabilities